[Security] Row-level security in ADF
392825 Aug 6 2007 — edited Aug 7 2007

Hi all,
I want to implement row-level security in my application. The scenario is like this:
There are several users that connect to the application
These users are authenticated in some way (XML file, OID, DB)
When each user wants to access (Select, Update, Delete) an ADF Table, either updatable or read-only, a predefined 'where condition', based on that table and the operation the user wants to do, must be concatenated to his DML, transparently to the user.
So if, for example, a user queries the Emp Salary table, only records with salary < 10K/Month will be fetched from the underlying table. This should be done automatically and not hard-coded in the application.
I have tried VPD and it has some useful features but my problems are:
1) Where and how to define the 'where conditions'?
2) How to attach the 'where conditions' to the executing DML?
3) What is the best way to make DB know which user is really executing DMLs? (Not a single Application Server admin user)
4) What is the best authentication approach?
Any help will be really appreciated.
S/\EE|)
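
An added example, not part of the original post: one way to wire the scenario above with Oracle VPD, keeping the predicates in a rules table and identifying the end user through the session's client identifier. The `SEC_ADMIN` schema, the `RLS_RULES` table, the `HR.EMP_SALARY` columns and the user `JSMITH` are assumptions made for illustration.

```sql
-- Rules table: one predicate per end user and table (constructed sample data).
CREATE TABLE sec_admin.rls_rules (
  app_user   VARCHAR2(64)   NOT NULL,
  table_name VARCHAR2(30)   NOT NULL,
  predicate  VARCHAR2(4000) NOT NULL,
  CONSTRAINT rls_rules_pk PRIMARY KEY (app_user, table_name)
);
INSERT INTO sec_admin.rls_rules VALUES ('JSMITH', 'EMP_SALARY', 'salary < 10000');
COMMIT;

-- Policy function: Oracle calls it for statements on the protected table
-- and appends the returned string to the WHERE clause.
CREATE OR REPLACE FUNCTION sec_admin.emp_salary_predicate (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
IS
  -- End-user name set by the application on the pooled connection.
  v_user      VARCHAR2(64) := SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER');
  v_predicate sec_admin.rls_rules.predicate%TYPE;
BEGIN
  SELECT predicate INTO v_predicate
    FROM sec_admin.rls_rules
   WHERE app_user = v_user AND table_name = p_object;
  RETURN v_predicate;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN '1 = 0';  -- fail closed: unknown or unset user matches no rows
END;
/

-- Attach the function to the table for the operations that must be filtered.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMP_SALARY',
    policy_name     => 'EMP_SALARY_ROWS',
    function_schema => 'SEC_ADMIN',
    policy_function => 'EMP_SALARY_PREDICATE',
    statement_types => 'SELECT,UPDATE,DELETE',
    update_check    => TRUE);  -- updated rows must still satisfy the predicate
END;
/

-- Per request, after the application checks a connection out of the pool:
BEGIN DBMS_SESSION.SET_IDENTIFIER('JSMITH'); END;
/
SELECT emp_id, salary FROM hr.emp_salary;  -- policy predicate is applied here
-- Before the connection goes back to the pool:
BEGIN DBMS_SESSION.CLEAR_IDENTIFIER; END;
/
```

Any session can call `DBMS_SESSION.SET_IDENTIFIER`, so this identifier is only trustworthy when the application server is the sole holder of the pooled account's credentials; an application context created with `CREATE CONTEXT ... USING` a trusted package narrows who can set the value. Ordinary users should have no write access to the rules table, since its contents become part of the executed SQL.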